The particulars change, but the general rule doesn’t: Don’t install software you’re not certain you can trust. A new Trojan horse targeting Mac users tries to trick you into installing it by prompting you to install a browser plug-in when you visit a compromised or malicious webpage.

But rather than installing FreeTwitTube, the software instead installs a Yontoo plug-in for Safari, Chrome, and Firefox. The plug-in inserts ads and other content onto other webpages as you surf. The real risk with browser extension-based malware is that such extensions can easily access and execute remote code—and monitor the URLs you visit, along with the content of those pages. It doesn’t appear that Yontoo does that... yet.

You can check if you’re a Yontoo victim by reviewing your browser’s installed plug-ins. Deleting the extension should be enough to rid your Mac of the malware.

Screenshots courtesy Dr.Web.

To comment on this article and other Macworld content, visit our Facebook page or our Twitter feed.

Lex uses a MacBook Pro, an iPhone 5, an iPad mini, a Kindle 3, a TiVo HD, and a treadmill desk, and loves them all. His latest book, a children's book parody for adults, is called "The Kid in the Crib." Lex lives in New Jersey with his wife and three young kids.